search

envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.92k stars 4.8k forks source link

Admission Control: support per route config #21255

Open hshamji opened 2 years ago

hshamji commented 2 years ago

QUESTION: Admission Control Non-Global Configurations

Description: When I try to configure Admission Control for a specific route I get the error that The filter envoy.filters.http.admission_control doesn't support virtual host-specific configurations.

I'm trying to understand the limits of this. Could I for example split traffic on headers and apply Admission Control to one set of headers? I'm still getting my bearings in the codebase, but I think this wouldn't be possible, right?

What would the complexity (and interest) be in a patch to make this filter available for virtual host-specific configurations, ex. for different headers, or different subpaths.

Thank you,

mattklein123 commented 2 years ago

What you will see is that admission control does not implement the createRouteSpecificFilterConfigTyped method on the config. I don't think it would be too terribly hard to do this if you want to give it a shot. cc @tonya11en

https://github.com/envoyproxy/envoy/blob/main/source/extensions/filters/http/admission_control/config.h

vs.

https://github.com/envoyproxy/envoy/blob/main/source/extensions/filters/http/rbac/config.h

tmsnan commented 2 years ago

Hi @mattklein123 , I would like to work on this issue if no one has picked this up yet.

hshamji commented 2 years ago

I was hoping to take a stab at this. I'm a newbie to the codebase so I'll take a little getting up to speed. Love to pair on this if you'd be interested.

mattklein123 commented 2 years ago

No one else is working on this that I know so I will let the two of you sort it out!

tonya11en commented 2 years ago

I'm happy to review the PR, when you're ready!

wtzhang23 commented 2 months ago

Any updates on the progress of this? If not, I can take a stab.

hshamji commented 2 months ago

No progress. Pls feel free!

tonya11en commented 2 months ago

It's worth pointing out that a lot of the cases where this feature was needed are covered now with the ability to use this as an upstream filter (https://github.com/envoyproxy/envoy/pull/23071).

wtzhang23 commented 2 months ago

I have a weird use case where I need to differentiate based on routes to the same cluster.

tonya11en commented 2 months ago

I have a weird use case where I need to differentiate based on routes to the same cluster.

Tag me in the PR when you're ready and I can review.